Cryptocurrency exchange Bybit has launched a bounty program worth up to $140 million in hopes of recovering the record-breaking $1.5 billion stolen from its wallet by North Korea’s notorious cyber-crime group, Lazarus. The initiative, dubbed “Lazarusbounty.com,” aims to incentivize individuals and exchanges to help track down and return the stolen Ethereum.
Bybit CEO Ben Zhou has vowed that his company will not rest until the Lazarus group is brought to justice, stating, “We will not stop until Lazarus or bad actors in the industry are eliminated.” The program offers a 5% reward to anyone who reports and helps recover the stolen coins, with Bybit and the facilitating exchange receiving a 5% cut of the recovered funds.
The theft, which occurred on February 21, saw over 400,000 ETH and stETH worth more than $1.5 billion diverted from an offline Ethereum wallet to an unidentified address. An investigation by forensic security outfit Sygnia Labs and financial investigators Verichains found that the attack was carried out by miscreants who compromised a SafeWallet developer’s machine, allowing them to alter the JavaScript code of Bybit’s fund management software.
Bybit is now setting up a “HackBounty platform” to engage the entire industry in hunting down cyber-thieves. CEO Zhou expressed optimism about the initiative, saying, “I am energized by the incredible camaraderie on-chain and in real life. This can be a transformative moment for our industry if we get it right. Together, we can build a stronger defense system against cyber threats.”
Despite the theft, Bybit claims that its customer accounts are unaffected and that it has enough funds to cover transactions. The exchange’s problems began with a sophisticated attack that manipulated smart contract logic and masked signing interfaces, allowing the attacker to gain control of the Ethereum wallet.
North Korea’s Lazarus group is known for sophisticated social engineering attacks targeting developer credentials and for its use of zero-day exploits. Bybit’s bounty program is part of its efforts to recover stolen funds and strengthen the industry’s defenses against cyber threats.
Source: https://www.theregister.com/2025/02/26/bybit_lazarus_bounty